Posts created by: Robert Falcone

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

  • By Robert Falcone
  • January 11, 2021 at 12:01 AM

25 min. read

Threat Assessment: Egregor Ransomware

  • By Doel Santos, Brittany Barbehenn and Robert Falcone
  • December 8, 2020 at 6:00 PM

5 min. read

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

  • By Robert Falcone
  • November 9, 2020 at 12:00 AM

12 min. read

Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

  • By Robert Falcone
  • September 4, 2020 at 6:00 AM

13 min. read

Threat Assessment: WastedLocker Ransomware Activities

  • By Alex Hinchliffe, Doel Santos, Adrian McCabe and Robert Falcone
  • July 30, 2020 at 6:00 AM

4 min. read

OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory

  • By Robert Falcone
  • July 22, 2020 at 6:00 AM

18 min. read

Updated BackConfig Malware Targeting Government and Military Organizations in South Asia

  • By Alex Hinchliffe and Robert Falcone
  • May 11, 2020 at 9:30 PM

16 min. read

APT41 Using New Speculoos Backdoor to Target Organizations Globally

  • By Bryan Lee, Robert Falcone and Jen Miller-Osborn
  • April 13, 2020 at 5:45 PM

7 min. read

Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations

  • By Robert Falcone, Bryan Lee and Alex Hinchliffe
  • March 3, 2020 at 6:00 AM

28 min. read

Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations

  • By Robert Falcone
  • February 3, 2020 at 6:00 AM

13 min. read

xHunt Campaign: New Watering Hole Identified for Credential Harvesting

  • By Brittany Barbehenn and Robert Falcone
  • January 27, 2020 at 6:00 PM

7 min. read

xHunt Campaign: xHunt Actor’s Cheat Sheet

  • By Robert Falcone
  • December 4, 2019 at 8:00 PM

19 min. read

xHunt Campaign: New PowerShell Backdoor Blocked Through DNS Tunnel Detection

  • By Robert Falcone and Brittany Barbehenn
  • October 10, 2019 at 5:00 AM

11 min. read

xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations

  • By Robert Falcone and Brittany Barbehenn
  • September 23, 2019 at 6:00 AM

22 min. read

Emissary Panda Attacks Middle East Government SharePoint Servers

  • By Robert Falcone and Tom Lancaster
  • May 28, 2019 at 6:00 AM

13 min. read

© 2021 Palo Alto Networks, Inc. All rights reserved.